summaryrefslogtreecommitdiff
path: root/man/systemd.exec.xml
diff options
context:
space:
mode:
authorMichael Scherer <misc@zarb.org>2014-02-06 10:05:16 +0100
committerLennart Poettering <lennart@poettering.net>2014-02-10 13:18:16 +0100
commit7b52a628f8b43ba521c302a7f32bccf9d0dc8bfd (patch)
treed23ed2ee1153ffa4e45c1752a077ae2df6901a36 /man/systemd.exec.xml
parent36e0e6311bb4df37385db19b5eca03973b26b5ff (diff)
exec: Add SELinuxContext configuration item
This permit to let system administrators decide of the domain of a service. This can be used with templated units to have each service in a différent domain ( for example, a per customer database, using MLS or anything ), or can be used to force a non selinux enabled system (jvm, erlang, etc) to start in a different domain for each service.
Diffstat (limited to 'man/systemd.exec.xml')
-rw-r--r--man/systemd.exec.xml11
1 files changed, 11 insertions, 0 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 7eaf52bc5b..4281c03cf6 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -951,6 +951,17 @@
</varlistentry>
<varlistentry>
+ <term><varname>SELinuxContext=</varname></term>
+
+ <listitem><para>Set the SELinux context of the
+ executed process. If set, this will override the
+ automated domain transition. However, the policy
+ still need to autorize the transition. See
+ <citerefentry><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ for details.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>IgnoreSIGPIPE=</varname></term>
<listitem><para>Takes a boolean